Apocalypse Soon

Risk — big, disruptive risk — is the theme of the day. It's manifest in public concerns about terrorist attacks, nuclear proliferation, global warming, the end of oil, the trade deficit, the budget deficit, and the housing bubble. It's rife in Corporate America, where large industries are tottering, the pension system is wobbling, and health-care costs are soaring. The summer's top movie is about an alien invasion of Earth; apocalypse is in the air.

So it's not surprising that some people are recommending that CFOs look up from their ledgers and start worrying about big, external risks. Greg Hackett, president of MergerShop, a management think tank in Bath, Ohio, says finance executives should be on the lookout for "the meteors that can kill your company." Likewise, Adrian Slywotzky, a managing director at Mercer Management Consulting in Boston, says it's time for the CFO to become the chief sentinel for strategic risk — defined as threatening external trends and events — which he calls "the biggest risk of all."

Ditch the green eyeshades, grab the binoculars, and start scanning the skies. Many businesses fail to appreciate just how vulnerable they are, says Hackett. Sixty percent of publicly traded companies are in some form of decline, he says; either their growth has leveled off, or they can't grow internally. Taking a longer view, he points out that only 15 percent of the companies on the S&P 500 in 1957 were still on the list in 1997. Meanwhile, Slywotzky notes that from 1993 through 2003, more than a third of the companies on the Fortune 1,000 lost at least 60 percent of their value in one year.

What kinds of risk cause companies to fail? Slywotzky cites seven types of strategic risk: industry, technology, brand, competitor, customer, project, and stagnation. A company's products, for instance, may be commoditized, or its industry may be deregulated. Its brand could erode. An important project could fail, customers could suddenly change preferences, a dominant new competitor could appear, or a new technology could prove disruptive.

Hackett offers a 12-fold taxonomy of external changes that can sap growth and shareholder value (see "12 Sources of Risk" at the end of this article). When big changes occur in one area — whether demographics, or channels, or product life cycles, or loyalty (customer, supplier, or employee) — other areas can be affected in turn, like dominoes falling. Some changes can happen virtually overnight; others may take anywhere from 10 to 20 years to gather force, says Hackett.

No matter how such risks are classified, both consultants urge companies to acknowledge the danger and start managing the risks — and put the CFO in charge of doing so.

A Sense of Objectivity
The concept of strategic risk is not new. Recall, for example, Intel chairman Andy Grove's famous motto in the 1990s: "Only the paranoid survive." Public companies routinely discuss threats to their businesses in their annual reports. But strategic risk management is still a fledgling discipline, and not many companies practice it.

Slywotzky and Hackett maintain that the CFO — not the vice president for strategy, say, or the chief risk officer — is best suited to monitor big, external risks. Who, after all, has a better sense of a company's overall financial position and margin of error? Who better understands a company's cash flows, or its capital-budgeting requirements?

"Few people in the organization have that sense of business objectivity as well as financial sophistication in a world of, frankly speaking, advocates," comments Slywotzky. "People advocate their business, their operating unit, their growth opportunities. They will acknowledge the risks associated with those, but that's not their primary emphasis — nor is seeing the impact of risk on the entire enterprise."

Slywotzky recommends establishing a risk management process that begins by identifying strategic risks, predicting their severity, and calculating their probability. For clarity, the risks should be mapped. For comparability, they should be quantified in a single measure, such as cash flow at risk. Then, for each risk, companies should consider countermeasures — a set of options, "one or a couple of which could represent attractive growth opportunities," says Slywotzky. Snatching growth from the jaws of disaster is the upside of his (and Hackett's) message. If, for example, a Wal-Mart threatens to dominate an industry, a Target can plan to move its products upmarket.

Finally, says Slywotzky, companies should adjust their cost of capital allocations and their capital structures to reflect the various risks they face.

From Theory to Practice
Will CFOs be willing to take on this new task? It's one thing to be a strategic consigliere to the CEO, as many CFOs are; it's another to build the consensus and a system for strategic risk management. After all, there are finance departments to be run.

Take David P. Warren, executive vice president and CFO of the Nasdaq Stock Market Inc. Warren calls himself a "strategic worrier." With stock trading increasingly commoditized, Nasdaq chief executive Robert Greifeld wants Warren and his finance staff to think more about developing new sources of growth. But at the same time, says Warren, "I have to deliver on budget and efficiency. I have to make sure the cost of running my organization is screwed down really tight." In general, he says, CFOs are being "asked to do big, bright, beautiful things, but are measured by how efficient and cheap they are."

Hackett, who was a pioneer in the benchmarking of finance operations during the 1990s, contends that CFOs have become overly preoccupied with internal efficiencies: "The company's not going to die if you don't take an extra 2 cents off your transaction costs." The reengineering revolution is over, he says. Transaction processing has become routine, like a production process; "quit paying attention to it."

What about the time-consuming burden of complying with Sarbanes-Oxley? "Sarbox is not forever," answers Slywotzky. "Companies are not going to be dealing with it two years from now."

Hackett proposes a radical way to lighten the finance load: "Get rid of transaction processing. Outsource every aspect of it." Big outsourcers offer economies of scale and processing chops that are compliant with Sarbox and best practices, he says. With their time thus freed up, CFOs could start construction of an "early warning system" for major risks, collecting data on each.

But what if a CFO doesn't want to outsource the finance department?

"Then tell the CEO you want to take a different approach to planning this year," replies Hackett. "Look at the [12 areas of risk]; you ought to be smart enough to ask questions about what's happening in each." For example, do new technologies threaten a top product? Are there new regulations in the works, either domestically or abroad, that could affect the business? Is customer loyalty deteriorating? Submit such questions to the managers involved in planning and ask them to come to meetings with prepared answers, he advises. "Change the culture so it starts thinking about failure," says Hackett.